links for 2009-07-13

Posted July 13th, 2009 by bcarroll and filed in Links

Getting In Over Your Head

Posted July 13th, 2009 by bcarroll and filed in CCIE General, CCIE Routing and Switching

I know many of you have heard the term before. It’s not uncommon for someone to get in over their head, and it’s especially easy in the networking world to do just that. I set a goal a little while back to achieve the CCIE R&S in 90 days. At the time it seemed like a reasonable goal with my background. Since then I have learned a great deal about my weaknesses and the amount of content that’s actually involved in the CCIE R&S. Well, I’m here to tell you that a CCNP is just the tip of the iceberg when it comes to being prepared for the CCIE R&S.

So, will I get it done? Can I actually get the R&S done in 90 days? Unlikely. I have much respect for those that have, but I have found that as I study the IPexpert material on the BLS there is much that I don’t know. I’m not saying that I can’t do it, I am just saying that 90 days may be a little unreasonable after all. There are of course multiple factors that play into this.

  1. Getting a Lab date is tough right now since the lab is changing.
  2. My schedule is hectic.
  3. My family has to come first.
  4. I have a lot to learn still.

So, I’m not going to give up, but I’m putting things into perspective.  I guess I’ll have to see how things go.  I haven’t even made it out of volume 1 of the workbooks yet, and that scares me!

Masking the Server in an HTTP header using Cisco ASA.

Posted July 9th, 2009 by bcarroll and filed in CCIE Security

It’s been a bit since I have posted but a lot has been going on. I’ve recently launched my CCNA Mentoring Program, I was a Customer Speaker at CiscoLive in San Francisco, and I’ve had a ton of family and friends at my house. While I had the opportunity to speak this year at CiscoLive one of the attendees requested a configuration that I mentioned when talking about the ASA. The idea was to mask the banner of a web server using the ASA. Referring to the figure below, here is how it works.

  1. The User on the Desktop PC makes a telnet connection to port 80 of the web server.
  2. The User enters GET/ HTTP/1.1
  3. The server returns the Bad Request error with the Server banner in it, stating that it is an IIS server.
  4. The ASA spoofs that banner, making it appear to be an Apache/2.2 server.

[Figure: http-spoof]

It’s actually accomplished by a very simple MPF configuration, as seen below:

! Match HTTP traffic (TCP/80)
access-list HTTP permit tcp any any eq www

class-map HTTP
 match access-list HTTP

! HTTP inspection policy that rewrites the Server header
policy-map type inspect http HTTP_SPOOF
 parameters
  spoof-server "Apache/2.2.0 (Unix)"

policy-map HTTP
 class HTTP
  inspect http HTTP_SPOOF

service-policy HTTP interface outside

Well that’s about it. Hope you find this useful!
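A way to check the result from the client side, as an added example that is not part of the original post: the script parses a raw HTTP response, confirms the Server header carries the spoofed string, and reports anything else that still names the real platform. The two sample responses are constructed, the list of revealing headers is an assumption, and the "through ASA" sample assumes the server also sends X-Powered-By, which the spoof-server line does not address.

```python
# Added example, not the author's code. Sample responses are constructed.
from email.parser import BytesParser

# Headers besides Server that can name the backend (assumed list, extend as needed).
REVEALING = ("X-Powered-By", "X-AspNet-Version", "X-AspNetMvc-Version")

def parse_response(raw: bytes):
    """Split a raw HTTP response into (status_line, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status, _, header_block = head.partition(b"\r\n")
    headers = BytesParser().parsebytes(header_block + b"\r\n\r\n", headersonly=True)
    return status.decode("latin-1"), headers, body

def audit(raw: bytes, expected_server: str, real_product: str):
    """Return findings that contradict the mask; an empty list means it held."""
    _, headers, body = parse_response(raw)
    findings = []
    servers = headers.get_all("Server") or []
    if len(servers) != 1:
        findings.append(f"expected one Server header, found {len(servers)}")
    for value in servers:
        if value != expected_server:
            findings.append(f"Server header is {value!r}")
    for name in REVEALING:
        if headers.get(name):
            findings.append(f"{name}: {headers[name]}")
    if real_product.lower().encode() in body.lower():
        findings.append("response body names the real product")
    return findings

# Constructed 400 responses: as sent by the server, and as seen through the ASA.
_TAIL = (b"X-Powered-By: ASP.NET\r\nContent-Type: text/html\r\n"
         b"Content-Length: 20\r\n\r\n<h1>Bad Request</h1>")
DIRECT = b"HTTP/1.1 400 Bad Request\r\nServer: Microsoft-IIS/6.0\r\n" + _TAIL
THROUGH_ASA = b"HTTP/1.1 400 Bad Request\r\nServer: Apache/2.2.0 (Unix)\r\n" + _TAIL

if __name__ == "__main__":
    for label, raw in (("direct", DIRECT), ("through ASA", THROUGH_ASA)):
        print(label, audit(raw, "Apache/2.2.0 (Unix)", "IIS"))
```

Any finding left on the "through ASA" response has to be removed on the web server itself or by another control, since this policy only sets the Server string.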

The New Cisco Certified Architect (CCA)

Posted June 29th, 2009 by bcarroll and filed in CCIE Security

So what is a CCA?  Well, according to the release, “The Cisco Certified Architect certification recognizes the architectural experience and competency of network designers who can support the increasingly complex networks of global organizations and effectively translate business strategies into evolutionary technical strategies.”

So, because experience is part of being a CCA, approximately 10 years of industry experience is one of the prerequisites.  Next, because a CCA is testing competency of network designers, the CCDE is also required as a prerequisite.  Finally, just to be accepted to the program you must submit an application.  I would assume that the lower number of CCAs the better, so the process seems to be solid in my opinion.  If this doesn’t weed out the garbage I don’t know what will.

I think Cisco made an excellent decision in formulating this certification and I believe it will really set people apart in the networking industry.

My Tentative CiscoLive Schedule

Posted June 28th, 2009 by bcarroll and filed in CCIE Security

Monday

1:00 PM-3:00 PM
BRKCRT-2201
Moscone W2011 CCVP Prep: Cisco IP Telephony Essentials
3:30 PM-5:30 PM
BRKCRT-1963
Moscone W2008 CCVP:Mobility Features in Cisco Unified Communications Manager version 6 and 7

Tuesday

7:30 AM-9:30 AM
BRKCRT-1280
Moscone W2002 CCSP: Securing Networks with ASA Advanced (SNAA) Technical Introduction
10:00 AM-11:30 AM
(Conference Event) GENKEY-5501
Hall D Opening Keynote and Welcome Address with John Chambers
12:00 PM-2:00 PM
BRKRST-3035
Moscone W3001 Advanced Enterprise Campus Design: Virtual Switching System (VSS)
[ Related Technology Demo: Catalyst Switching Management ]
4:00 PM-6:00 PM
BRKRST-3468
Moscone W2011 Cisco Catalyst Virtual Switching System (VSS)
[ Related Technology Demo: Catalyst Switching Management ]

Wednesday

8:00 AM-10:00 AM
BRKCRT-1280
Moscone W2002 CCSP: Securing Networks with ASA Advanced (SNAA) Technical Introduction
10:30 AM-11:30 AM
(Conference Event) GENKEY-5564
Hall D Cisco Technology Keynote with Padmasree Warrior
12:00 PM-2:00 PM
BRKRST-3320
Moscone W2004 Troubleshooting BGP
4:00 PM-6:00 PM
BRKCRT-1852
Moscone W2008 CCNA Wireless: Prep Session

Thursday

8:00 AM-10:00 AM
BRKCRT-1108
Moscone W2002 CCNP Wireless Preview
10:30 AM-11:30 AM
(Conference Event) GENKEY-5565
Hall D Closing Guest Keynote: Guy Kawasaki
12:00 PM-2:00 PM
BRKRST-2301
Moscone W2022 Enterprise IPv6 Deployment

It’s CiscoLive time!

Posted June 26th, 2009 by bcarroll and filed in CCIE Security

Hello everyone.

I am here in San Francisco getting ready for CiscoLive. I’ll be presenting at 2 of the breakout sessions on SNAA, which is part of the CCSP. My sessions are Tuesday and Wednesday morning (BRKCRT-1280).

If you are in town for the show make sure you stop by the Ascolta booth (1040) and say hello.

If you couldn’t make it this year please let me know if there is anything I should keep my eyes out for,  technology that is a must learn, any booths that are a must visit, or anyone that I should meet while I’m  here.

I’m looking forward to this week!  Time to get it started with speaker registrations.

CCNAVideo.net Webinar Slides and Video.

Posted June 17th, 2009 by bcarroll and filed in CCNA Corner

Here are the slides for the CCNAVideo.net presentation I did today for CCNA candidates.  The program is open for Charter Members.  It doesn’t officially launch until July 1st.  Feel free to use the comments section to shoot any questions you may have to me.

If you missed the video you can view it here.

Thanks to all that attended!

Brandon

Get the Slides Here!

Free CCNA Technical Introduction for CCNA Candidates

Posted June 15th, 2009 by bcarroll and filed in CCNA Corner

If the Widget below does not allow you to register simply leave a comment with your email (nobody but me will see it) and I will manually enroll you.

In the near future I will be releasing a CCNA Mentoring Program designed to assist CCNA candidates in obtaining the CCNA Certification.  As an introduction to the program I will be holding a free CCNA Technical Introduction online this Wednesday, June 17th, 2009 at 5pm PST.  The embedded widget will allow you to register.

Again, this is designed for those working on the CCNA. I realize many of you that follow my blog are well beyond that. In the future I hope to extend my reach. For now, this is for anyone that is wanting to get the CCNA.

REPOST! Calling All Cisco Bloggers/Tweeters! #clsf

Posted June 10th, 2009 by bcarroll and filed in CCIE Security

I’ve mentioned that I will be at Cisco Live this year. I will be presenting at two technical breakout sessions on the topic of the SNAA (Securing Networks with ASA Advanced) CCSP course. Since I know a number of Cisco Bloggers will be at Cisco Live I thought I would take the opportunity to compile a list of Bloggers/Tweeters and the blog you represent/Twitter handle, so that we can have a meet-up sometime during all the festivities. I’m not planning anything fancy but was thinking Drinks somewhere local perhaps.

Anyhow, if you are going to be there let’s get a list built. Fill out the form below and I’ll add you to my Official, “Unofficial” List of Cisco Bloggers/Tweeters at Cisco Live 2009. I’ll be in contact with you regarding the location of the meet-up and any other ideas you may want to toss around.

This list will not be used for ANYTHING else. Your email address will NOT be shared with anyone. Your Name and Blog URL will be posted on http://www.globalconfig.net/ciscolive

Links Roundup for CCNA, CCNP, CCIE Security

Posted June 8th, 2009 by bcarroll and filed in Links

Today I thought it would be nice to take a trip down memory lane with a post that highlights some of the archives.

Want to have a little fun with ACLs? Check out this post where I show some options for logging with ACLs.

Need a little motivation while working on the CCNA along with some fun facts?

Having troubles learning the BGP route selection process?

Check out some cool things you can do with the CLI show commands:

Want to boggle your mind with Static Policy NAT on an ASA?